Description
When using Hashicorp Vault, the operator seems to expect only one path segment before the secret and thus inserts the `/data` prefix too early. This will always result in a 403 Permission Denied error.
This works:

```yaml
cert-manager-sync.lestak.sh/sync-enabled: "true"
cert-manager-sync.lestak.sh/vault-addr: "your-vault-address"
cert-manager-sync.lestak.sh/vault-role: "your-role"
cert-manager-sync.lestak.sh/vault-auth-method: "kubernetes"
cert-manager-sync.lestak.sh/vault-path: "usa-hq-kvv2-team-1/your-secret"
```
While this won't, although the path is valid in Vault:

```yaml
cert-manager-sync.lestak.sh/sync-enabled: "true"
cert-manager-sync.lestak.sh/vault-addr: "your-vault-address"
cert-manager-sync.lestak.sh/vault-role: "your-role"
cert-manager-sync.lestak.sh/vault-auth-method: "kubernetes"
cert-manager-sync.lestak.sh/vault-path: "usa-hq/kvv2/team-1/your-secret"
```
In this case the operator inserts the `/data` prefix as `usa-hq/data/kvv2/team-1/your-secret` instead of `usa-hq/kvv2/team-1/data/your-secret`.
https://developer.hashicorp.com/vault/docs/secrets/kv#version-comparison
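The two path constructions contrasted in the report, as an added Go example that is not the operator's own code: the naive variant inserts `data` after the first segment, the corrected variant places it after the full mount path, which it resolves from a constructed list of known mounts (the annotation alone does not say where the mount ends).

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// naiveKVv2DataPath reproduces the behaviour the issue describes: the mount is
// assumed to be the first path segment, so "data" is inserted right after it.
// "usa-hq/kvv2/team-1/your-secret" becomes "usa-hq/data/kvv2/team-1/your-secret".
func naiveKVv2DataPath(secretPath string) string {
	parts := strings.SplitN(strings.Trim(secretPath, "/"), "/", 2)
	if len(parts) < 2 {
		return parts[0]
	}
	return path.Join(parts[0], "data", parts[1])
}

// splitMount picks the mount out of a combined path from a list of known mounts
// (constructed here; an operator could list them from Vault's sys/mounts).
// Longest match wins, so "usa-hq/kvv2/team-1" beats a shorter "usa-hq" mount.
func splitMount(fullPath string, mounts []string) (mount, secret string, ok bool) {
	fullPath = strings.Trim(fullPath, "/")
	for _, m := range mounts {
		m = strings.Trim(m, "/")
		if strings.HasPrefix(fullPath, m+"/") && len(m) > len(mount) {
			mount, secret = m, strings.TrimPrefix(fullPath, m+"/")
		}
	}
	return mount, secret, mount != ""
}

// kvv2DataPath builds the KV v2 API path: "data" always follows the full mount
// path, however many segments the mount has.
func kvv2DataPath(mount, secretPath string) (string, error) {
	mount, secretPath = strings.Trim(mount, "/"), strings.Trim(secretPath, "/")
	if mount == "" || secretPath == "" {
		return "", fmt.Errorf("mount and secret path must both be non-empty")
	}
	return path.Join(mount, "data", secretPath), nil
}

func main() {
	full := "usa-hq/kvv2/team-1/your-secret"
	mount, secret, _ := splitMount(full, []string{"usa-hq", "usa-hq/kvv2/team-1"})
	fixed, _ := kvv2DataPath(mount, secret)
	fmt.Printf("naive: %s\nfixed: %s\n", naiveKVv2DataPath(full), fixed)
}
```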